CERT/CC
background
background
CERT NetSA Security Suite 
Open Source Tools for Network Monitoring 
News | Documentation | Downloads
YAF 0.8.1 | NAF 0.6.0 | SiLK 1.0.1 | RAVE 1.9.9
fixbuf 0.7.3 | ipa 0.2.1 | airdbc 0.2.2 | airframe 0.7.2 | Portal 0.8.0
SiLK - Documentation - rwappend
Documentation | Downloads | Release Notes | FAQ | License | Credits | Reference Data | Live CD

NAME

rwappend - Append SiLK Flow file(s) to an existing SiLK Flow file

SYNOPSIS

  rwappend [--create=[TEMPLATE_FILE]] [--site-config-file=FILENAME]
        [--print-statistics] TARGET_FILE SOURCE_FILE [SOURCE_FILE...]

DESCRIPTION

rwappend reads SiLK Flow records from the specified SOURCE_FILEs and appends them to the TARGET_FILE. If stdin is used as the name of one of the SOURCE_FILEs, SiLK flow records will be read from the standard input.

When the TARGET_FILE does not exist and the --create switch is not provided, rwappend will exit with an error. When --create is specified and TARGET_FILE does not exist, rwappend will create the TARGET_FILE using the same format, version, and byte-order as the specified TEMPLATE_FILE. If no TEMPLATE_FILE is given, the TARGET_FILE is created in the default format and version (the same format that rwcat(1) would produce).

The TARGET_FILE must not be compressed (i.e., in may not end in the .gz extension).

OPTIONS

Option names may be abbreviated if the abbreviation is unique or is an exact match for an option. A parameter to an option may be specified as --arg=param or --arg param, though the first form is required for options that take optional parameters.

--create
--create=TEMPLATE_FILE
Create the TARGET_FILE if it does not exist. The file will have the same format, version, and byte-order as the TEMPLATE_FILE if it is provided; otherwise the defaults are used. The TEMPLATE_FILE will NOT be appended to TARGET_FILE unless it also appears in as the name of a SOURCE_FILE.

--print-statistics
Print the number of records read from each SOURCE_FILE and the total number of records appened to the TARGET_FILE.

--site-config-file=FILENAME
Read the SiLK site configuration from the named file FILENAME. When this switch is not provided, the location specified by the SILK_CONFIG_FILE environment variable is used if that variable is not empty. The value of SILK_CONFIG_FILE should include the name of the file. Otherwise, the application looks for a file named silk.conf in the following directories: the directory specified in the SILK_DATA_ROOTDIR environment variable; the data root directory that is compiled into SiLK (use the --version switch to view this value); the directories $SILK_PATH/share/silk/ and $SILK_PATH/share/; and the share/silk/ and share/ directories parallel to the application's directory.

EXAMPLES

Standard usage where results.dat exists:

  rwappend results.dat sample5.dat sample6.dat

To append files sample*.dat to results.dat, or to create results.dat using the same format as the first file argument (note that sample1.dat must be repeated):

 rwappend results.dat --create=sample1.dat \
       sample1.dat sample2.dat

If results.dat does not exist, the following two commands are equivalent:

  rwappend --create results.dat sample1.dat sample2.dat
  rwcat sample1.dat sample2.dat > results.dat

ENVIRONMENT

SILK_CONFIG_FILE
This environment variable is used as the value for the --site-config-file when that switch is not provided.

SILK_DATA_ROOTDIR
When the --site-config-file switch is not provided and the SILK_CONFIG_FILE environment variable is not set, rwappend looks for the site configuration file in $SILK_DATA_ROOTDIR/silk.conf.

SILK_PATH
This environment variable gives the root of the install tree. As part of its search for the SiLK site configuration file, rwappend checks for a file named silk.conf in the directories $SILK_PATH/share/silk and $SILK_PATH/share.

SEE ALSO

rwcat(1)

BUGS

When used in an IPv6 environment, rwappend will convert IP addresses into the form used by the TARGET_FILE. Any records containing IP addresses that cannot be converted will be silently ignored.

rwappend makes some attempts to avoid appending a file to itself (which would eventually exhaust the disk space) by comparing the names of files it is given; it should be smarter about this.

YAF | NAF | SiLK | RAVE | fixbuf | ipa | airdbc | airframe | Portal
SiLK is part of the NetSA Security Suite, developed by the CERT NetSA group
at the Software Engineering Institute at Carnegie Mellon University.

© 2002-2008 Carnegie Mellon University